Having claimed to be making off with protected information last week, hacker group LulzSec now says it has obtained the password details of one million users of the Sony Pictures website.
Sony says it is aware of the claims and is investigating, the BBC reports.
"From a single injection, we accessed EVERYTHING," a LulzSec statement claims. "Why do you put such faith in a company that allows itself to become open to these simple attacks?
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it.
"This is disgraceful and insecure: they were asking for it."
LulzSec has previously claimed responsibility for a security breach on the Sony Music Japan website.